Base · Draft

CWE-1313: Hardware Allows Activation of Test or Debug Logic at Runtime

Category: config

Description

During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary.

Common consequences· 1

  • Confidentiality / Integrity / Availability — Modify Memory, Read Memory, DoS: Crash, Exit, or Restart, DoS: Instability, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Alter Execution Logic, Quality Degradation, Unexpected State, Reduce Performance, Reduce Reliability

Potential mitigations· 3

  • [Architecture and Design] Insert restrictions on when the hardware's test or debug features can be activated. For example, during normal operating modes, the hardware's privileged modes that allow access to such features cannot be activated. Configure the hardware to enter a test or debug mode only within a window of opportunity, such as during boot or a configuration stage. The result is that such test/debug features and their associated modes are disabled during normal runtime operations.
  • [Implementation] Insert restrictions on when the hardware's test or debug features can be activated. For example, during normal operating modes, the hardware's privileged modes that allow access to such features cannot be activated. Configure the hardware to enter a test or debug mode only within a window of opportunity, such as during boot or a configuration stage. The result is that such test/debug features and their associated modes are disabled during normal runtime operations.
  • [Integration] Insert restrictions on when the hardware's test or debug features can be activated. For example, during normal operating modes, the hardware's privileged modes that allow access to such features cannot be activated. Configure the hardware to enter a test or debug mode only within a window of opportunity, such as during boot or a configuration stage. The result is that such test/debug features and their associated modes are disabled during normal runtime operations.
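
The "window of opportunity" mitigation above can be modelled in software as a sticky lock on a debug-control register. This is an added example, not taken from MITRE or from this page's source; the register name, bit layout and the `lock_enforced` switch (which models the weak design beside the corrected one) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical debug-control register: names and bit layout are assumptions. */
#define DBG_ENABLE (1u << 0)   /* test/debug logic active */
#define DBG_LOCK   (1u << 1)   /* sticky: set once per reset */

typedef struct {
    uint32_t dbg_ctrl;
    bool     lock_enforced;    /* false models the CWE-1313 design */
} soc_t;

/* Reset is the only event that clears the lock bit. */
static void soc_reset(soc_t *s, bool lock_enforced) {
    s->dbg_ctrl = 0;
    s->lock_enforced = lock_enforced;
}

/* Register write as the hardware would decode it. Returns false if dropped. */
static bool dbg_ctrl_write(soc_t *s, uint32_t value) {
    if (s->lock_enforced && (s->dbg_ctrl & DBG_LOCK))
        return false;                       /* window closed: ignore write */
    s->dbg_ctrl = value & (DBG_ENABLE | DBG_LOCK);
    return true;
}

/* Boot stage: the only window in which debug may be turned on. */
static void boot_stage(soc_t *s, bool debug_authorized) {
    uint32_t v = debug_authorized ? DBG_ENABLE : 0;
    dbg_ctrl_write(s, v);
    dbg_ctrl_write(s, v | DBG_LOCK);        /* close the window before handoff */
}

static bool debug_active(const soc_t *s) {
    return (s->dbg_ctrl & DBG_ENABLE) != 0;
}

/* Boot with debug not authorized, then attempt a runtime enable.
 * Returns whether debug logic ended up active. */
bool runtime_enable_succeeds(bool lock_enforced) {
    soc_t soc;
    soc_reset(&soc, lock_enforced);
    boot_stage(&soc, false);
    dbg_ctrl_write(&soc, DBG_ENABLE);       /* runtime write after boot */
    return debug_active(&soc);
}
```

With the lock enforced, the runtime write is dropped and only a reset reopens the window; without it, the same write activates debug logic after boot, which is the condition this entry describes.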

Related CAPEC attack patterns· 1

CAPEC-121

References

  1. https://cwe.mitre.org/data/definitions/1313.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Exploit Non-Production Interfaces (capec-121) | 100% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Hardware Internal or Debug Modes Allow Override of Locks
  • CWE: Internal Asset Exposed to Unsafe Debug Access Level or State
  • CWE: Improper Finite State Machines (FSMs) in Hardware Logic
  • CWE: Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
  • CWE: Hardware Logic Contains Race Conditions
  • CWE: Exposure of Sensitive System Information Due to Uncleared Debug Information

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.